1 /* $NetBSD: sys_process.c,v 1.74 2002/05/09 15:44:45 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1993 Jan-Simon Pendry. 5 * Copyright (c) 1994 Christopher G. Demetriou. All rights reserved. 6 * Copyright (c) 1982, 1986, 1989, 1993 7 * The Regents of the University of California. All rights reserved. 8 * (c) UNIX System Laboratories, Inc. 9 * All or some portions of this file are derived from material licensed 10 * to the University of California by American Telephone and Telegraph 11 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 12 * the permission of UNIX System Laboratories, Inc. 13 * 14 * This code is derived from software contributed to Berkeley by 15 * Jan-Simon Pendry. 16 * 17 * Redistribution and use in source and binary forms, with or without 18 * modification, are permitted provided that the following conditions 19 * are met: 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 2. Redistributions in binary form must reproduce the above copyright 23 * notice, this list of conditions and the following disclaimer in the 24 * documentation and/or other materials provided with the distribution. 25 * 3. All advertising materials mentioning features or use of this software 26 * must display the following acknowledgement: 27 * This product includes software developed by the University of 28 * California, Berkeley and its contributors. 29 * 4. Neither the name of the University nor the names of its contributors 30 * may be used to endorse or promote products derived from this software 31 * without specific prior written permission. 32 * 33 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 34 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 35 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 36 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 37 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 38 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 39 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 41 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 42 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 43 * SUCH DAMAGE. 44 * 45 * from: @(#)sys_process.c 8.1 (Berkeley) 6/10/93 46 */ 47 48 /* 49 * References: 50 * (1) Bach's "The Design of the UNIX Operating System", 51 * (2) sys/miscfs/procfs from UCB's 4.4BSD-Lite distribution, 52 * (3) the "4.4BSD Programmer's Reference Manual" published 53 * by USENIX and O'Reilly & Associates. 54 * The 4.4BSD PRM does a reasonably good job of documenting what the various 55 * ptrace() requests should actually do, and its text is quoted several times 56 * in this file. 57 */ 58 59 #include <sys/cdefs.h> 60 __KERNEL_RCSID(0, "$NetBSD: sys_process.c,v 1.74 2002/05/09 15:44:45 thorpej Exp $"); 61 62 #include <sys/param.h> 63 #include <sys/systm.h> 64 #include <sys/proc.h> 65 #include <sys/errno.h> 66 #include <sys/ptrace.h> 67 #include <sys/uio.h> 68 #include <sys/user.h> 69 70 #include <sys/mount.h> 71 #include <sys/syscallargs.h> 72 73 #include <uvm/uvm_extern.h> 74 75 #include <machine/reg.h> 76 77 /* Macros to clear/set/test flags. */ 78 #define SET(t, f) (t) |= (f) 79 #define CLR(t, f) (t) &= ~(f) 80 #define ISSET(t, f) ((t) & (f)) 81 82 /* 83 * Process debugging system call. 84 */ 85 int 86 sys_ptrace(p, v, retval) 87 struct proc *p; 88 void *v; 89 register_t *retval; 90 { 91 struct sys_ptrace_args /* { 92 syscallarg(int) req; 93 syscallarg(pid_t) pid; 94 syscallarg(caddr_t) addr; 95 syscallarg(int) data; 96 } */ *uap = v; 97 struct proc *t; /* target process */ 98 struct uio uio; 99 struct iovec iov; 100 struct ptrace_io_desc piod; 101 int s, error, write, tmp; 102 103 /* "A foolish consistency..." XXX */ 104 if (SCARG(uap, req) == PT_TRACE_ME) 105 t = p; 106 else { 107 108 /* Find the process we're supposed to be operating on. */ 109 if ((t = pfind(SCARG(uap, pid))) == NULL) 110 return (ESRCH); 111 } 112 113 /* Can't trace a process that's currently exec'ing. */ 114 if ((t->p_flag & P_INEXEC) != 0) 115 return EAGAIN; 116 117 /* Make sure we can operate on it. */ 118 switch (SCARG(uap, req)) { 119 case PT_TRACE_ME: 120 /* Saying that you're being traced is always legal. */ 121 break; 122 123 case PT_ATTACH: 124 /* 125 * You can't attach to a process if: 126 * (1) it's the process that's doing the attaching, 127 */ 128 if (t->p_pid == p->p_pid) 129 return (EINVAL); 130 131 /* 132 * (2) it's a system process 133 */ 134 if (t->p_flag & P_SYSTEM) 135 return (EPERM); 136 137 /* 138 * (3) it's already being traced, or 139 */ 140 if (ISSET(t->p_flag, P_TRACED)) 141 return (EBUSY); 142 143 /* 144 * (4) it's not owned by you, or is set-id on exec 145 * (unless you're root), or... 146 */ 147 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 148 ISSET(t->p_flag, P_SUGID)) && 149 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 150 return (error); 151 152 /* 153 * (5) ...it's init, which controls the security level 154 * of the entire system, and the system was not 155 * compiled with permanently insecure mode turned on 156 */ 157 if (t == initproc && securelevel > -1) 158 return (EPERM); 159 160 /* 161 * (6) the tracer is chrooted, and its root directory is 162 * not at or above the root directory of the tracee 163 */ 164 165 if (!proc_isunder(t, p)) 166 return EPERM; 167 break; 168 169 case PT_READ_I: 170 case PT_READ_D: 171 case PT_WRITE_I: 172 case PT_WRITE_D: 173 case PT_CONTINUE: 174 case PT_IO: 175 case PT_KILL: 176 case PT_DETACH: 177 #ifdef PT_STEP 178 case PT_STEP: 179 #endif 180 #ifdef PT_GETREGS 181 case PT_GETREGS: 182 #endif 183 #ifdef PT_SETREGS 184 case PT_SETREGS: 185 #endif 186 #ifdef PT_GETFPREGS 187 case PT_GETFPREGS: 188 #endif 189 #ifdef PT_SETFPREGS 190 case PT_SETFPREGS: 191 #endif 192 193 #ifdef __HAVE_PTRACE_MACHDEP 194 PTRACE_MACHDEP_REQUEST_CASES 195 #endif 196 197 /* 198 * You can't do what you want to the process if: 199 * (1) It's not being traced at all, 200 */ 201 if (!ISSET(t->p_flag, P_TRACED)) 202 return (EPERM); 203 204 /* 205 * (2) it's being traced by procfs (which has 206 * different signal delivery semantics), 207 */ 208 if (ISSET(t->p_flag, P_FSTRACE)) 209 return (EBUSY); 210 211 /* 212 * (3) it's not being traced by _you_, or 213 */ 214 if (t->p_pptr != p) 215 return (EBUSY); 216 217 /* 218 * (4) it's not currently stopped. 219 */ 220 if (t->p_stat != SSTOP || !ISSET(t->p_flag, P_WAITED)) 221 return (EBUSY); 222 break; 223 224 default: /* It was not a legal request. */ 225 return (EINVAL); 226 } 227 228 /* Do single-step fixup if needed. */ 229 FIX_SSTEP(t); 230 231 /* Now do the operation. */ 232 write = 0; 233 *retval = 0; 234 tmp = 0; 235 236 switch (SCARG(uap, req)) { 237 case PT_TRACE_ME: 238 /* Just set the trace flag. */ 239 SET(t->p_flag, P_TRACED); 240 t->p_oppid = t->p_pptr->p_pid; 241 return (0); 242 243 case PT_WRITE_I: /* XXX no separate I and D spaces */ 244 case PT_WRITE_D: 245 write = 1; 246 tmp = SCARG(uap, data); 247 case PT_READ_I: /* XXX no separate I and D spaces */ 248 case PT_READ_D: 249 /* write = 0 done above. */ 250 iov.iov_base = (caddr_t)&tmp; 251 iov.iov_len = sizeof(tmp); 252 uio.uio_iov = &iov; 253 uio.uio_iovcnt = 1; 254 uio.uio_offset = (off_t)(long)SCARG(uap, addr); 255 uio.uio_resid = sizeof(tmp); 256 uio.uio_segflg = UIO_SYSSPACE; 257 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 258 uio.uio_procp = p; 259 error = process_domem(p, t, &uio); 260 if (!write) 261 *retval = tmp; 262 return (error); 263 264 case PT_IO: 265 error = copyin(SCARG(uap, addr), &piod, sizeof(piod)); 266 if (error) 267 return (error); 268 iov.iov_base = piod.piod_addr; 269 iov.iov_len = piod.piod_len; 270 uio.uio_iov = &iov; 271 uio.uio_iovcnt = 1; 272 uio.uio_offset = (off_t)(long)piod.piod_offs; 273 uio.uio_resid = piod.piod_len; 274 uio.uio_segflg = UIO_USERSPACE; 275 uio.uio_procp = p; 276 switch (piod.piod_op) { 277 case PIOD_READ_D: 278 case PIOD_READ_I: 279 uio.uio_rw = UIO_READ; 280 break; 281 case PIOD_WRITE_D: 282 case PIOD_WRITE_I: 283 uio.uio_rw = UIO_WRITE; 284 break; 285 default: 286 return (EINVAL); 287 } 288 error = process_domem(p, t, &uio); 289 piod.piod_len -= uio.uio_resid; 290 (void) copyout(&piod, SCARG(uap, addr), sizeof(piod)); 291 return (error); 292 293 #ifdef PT_STEP 294 case PT_STEP: 295 /* 296 * From the 4.4BSD PRM: 297 * "Execution continues as in request PT_CONTINUE; however 298 * as soon as possible after execution of at least one 299 * instruction, execution stops again. [ ... ]" 300 */ 301 #endif 302 case PT_CONTINUE: 303 case PT_DETACH: 304 /* 305 * From the 4.4BSD PRM: 306 * "The data argument is taken as a signal number and the 307 * child's execution continues at location addr as if it 308 * incurred that signal. Normally the signal number will 309 * be either 0 to indicate that the signal that caused the 310 * stop should be ignored, or that value fetched out of 311 * the process's image indicating which signal caused 312 * the stop. If addr is (int *)1 then execution continues 313 * from where it stopped." 314 */ 315 316 /* Check that the data is a valid signal number or zero. */ 317 if (SCARG(uap, data) < 0 || SCARG(uap, data) >= NSIG) 318 return (EINVAL); 319 320 PHOLD(t); 321 322 #ifdef PT_STEP 323 /* 324 * Arrange for a single-step, if that's requested and possible. 325 */ 326 error = process_sstep(t, SCARG(uap, req) == PT_STEP); 327 if (error) 328 goto relebad; 329 #endif 330 331 /* If the address parameter is not (int *)1, set the pc. */ 332 if ((int *)SCARG(uap, addr) != (int *)1) 333 if ((error = process_set_pc(t, SCARG(uap, addr))) != 0) 334 goto relebad; 335 336 PRELE(t); 337 338 if (SCARG(uap, req) == PT_DETACH) { 339 /* give process back to original parent or init */ 340 if (t->p_oppid != t->p_pptr->p_pid) { 341 struct proc *pp; 342 343 pp = pfind(t->p_oppid); 344 proc_reparent(t, pp ? pp : initproc); 345 } 346 347 /* not being traced any more */ 348 t->p_oppid = 0; 349 CLR(t->p_flag, P_TRACED|P_WAITED); 350 } 351 352 sendsig: 353 /* Finally, deliver the requested signal (or none). */ 354 if (t->p_stat == SSTOP) { 355 t->p_xstat = SCARG(uap, data); 356 SCHED_LOCK(s); 357 setrunnable(t); 358 SCHED_UNLOCK(s); 359 } else { 360 if (SCARG(uap, data) != 0) 361 psignal(t, SCARG(uap, data)); 362 } 363 return (0); 364 365 relebad: 366 PRELE(t); 367 return (error); 368 369 case PT_KILL: 370 /* just send the process a KILL signal. */ 371 SCARG(uap, data) = SIGKILL; 372 goto sendsig; /* in PT_CONTINUE, above. */ 373 374 case PT_ATTACH: 375 /* 376 * Go ahead and set the trace flag. 377 * Save the old parent (it's reset in 378 * _DETACH, and also in kern_exit.c:wait4() 379 * Reparent the process so that the tracing 380 * proc gets to see all the action. 381 * Stop the target. 382 */ 383 SET(t->p_flag, P_TRACED); 384 t->p_oppid = t->p_pptr->p_pid; 385 if (t->p_pptr != p) 386 proc_reparent(t, p); 387 SCARG(uap, data) = SIGSTOP; 388 goto sendsig; 389 390 #ifdef PT_SETREGS 391 case PT_SETREGS: 392 write = 1; 393 #endif 394 #ifdef PT_GETREGS 395 case PT_GETREGS: 396 /* write = 0 done above. */ 397 #endif 398 #if defined(PT_SETREGS) || defined(PT_GETREGS) 399 if (!process_validregs(t)) 400 return (EINVAL); 401 else { 402 iov.iov_base = SCARG(uap, addr); 403 iov.iov_len = sizeof(struct reg); 404 uio.uio_iov = &iov; 405 uio.uio_iovcnt = 1; 406 uio.uio_offset = 0; 407 uio.uio_resid = sizeof(struct reg); 408 uio.uio_segflg = UIO_USERSPACE; 409 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 410 uio.uio_procp = p; 411 return (process_doregs(p, t, &uio)); 412 } 413 #endif 414 415 #ifdef PT_SETFPREGS 416 case PT_SETFPREGS: 417 write = 1; 418 #endif 419 #ifdef PT_GETFPREGS 420 case PT_GETFPREGS: 421 /* write = 0 done above. */ 422 #endif 423 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 424 if (!process_validfpregs(t)) 425 return (EINVAL); 426 else { 427 iov.iov_base = SCARG(uap, addr); 428 iov.iov_len = sizeof(struct fpreg); 429 uio.uio_iov = &iov; 430 uio.uio_iovcnt = 1; 431 uio.uio_offset = 0; 432 uio.uio_resid = sizeof(struct fpreg); 433 uio.uio_segflg = UIO_USERSPACE; 434 uio.uio_rw = write ? UIO_WRITE : UIO_READ; 435 uio.uio_procp = p; 436 return (process_dofpregs(p, t, &uio)); 437 } 438 #endif 439 440 #ifdef __HAVE_PTRACE_MACHDEP 441 PTRACE_MACHDEP_REQUEST_CASES 442 return (ptrace_machdep_dorequest(p, t, 443 SCARG(uap, req), SCARG(uap, addr), 444 SCARG(uap, data))); 445 #endif 446 } 447 448 #ifdef DIAGNOSTIC 449 panic("ptrace: impossible"); 450 #endif 451 return 0; 452 } 453 454 int 455 process_doregs(curp, p, uio) 456 struct proc *curp; /* tracer */ 457 struct proc *p; /* traced */ 458 struct uio *uio; 459 { 460 #if defined(PT_GETREGS) || defined(PT_SETREGS) 461 int error; 462 struct reg r; 463 char *kv; 464 int kl; 465 466 if ((error = process_checkioperm(curp, p)) != 0) 467 return error; 468 469 kl = sizeof(r); 470 kv = (char *) &r; 471 472 kv += uio->uio_offset; 473 kl -= uio->uio_offset; 474 if (kl > uio->uio_resid) 475 kl = uio->uio_resid; 476 477 PHOLD(p); 478 479 if (kl < 0) 480 error = EINVAL; 481 else 482 error = process_read_regs(p, &r); 483 if (error == 0) 484 error = uiomove(kv, kl, uio); 485 if (error == 0 && uio->uio_rw == UIO_WRITE) { 486 if (p->p_stat != SSTOP) 487 error = EBUSY; 488 else 489 error = process_write_regs(p, &r); 490 } 491 492 PRELE(p); 493 494 uio->uio_offset = 0; 495 return (error); 496 #else 497 return (EINVAL); 498 #endif 499 } 500 501 int 502 process_validregs(p) 503 struct proc *p; 504 { 505 506 #if defined(PT_SETREGS) || defined(PT_GETREGS) 507 return ((p->p_flag & P_SYSTEM) == 0); 508 #else 509 return (0); 510 #endif 511 } 512 513 int 514 process_dofpregs(curp, p, uio) 515 struct proc *curp; /* tracer */ 516 struct proc *p; /* traced */ 517 struct uio *uio; 518 { 519 #if defined(PT_GETFPREGS) || defined(PT_SETFPREGS) 520 int error; 521 struct fpreg r; 522 char *kv; 523 int kl; 524 525 if ((error = process_checkioperm(curp, p)) != 0) 526 return (error); 527 528 kl = sizeof(r); 529 kv = (char *) &r; 530 531 kv += uio->uio_offset; 532 kl -= uio->uio_offset; 533 if (kl > uio->uio_resid) 534 kl = uio->uio_resid; 535 536 PHOLD(p); 537 538 if (kl < 0) 539 error = EINVAL; 540 else 541 error = process_read_fpregs(p, &r); 542 if (error == 0) 543 error = uiomove(kv, kl, uio); 544 if (error == 0 && uio->uio_rw == UIO_WRITE) { 545 if (p->p_stat != SSTOP) 546 error = EBUSY; 547 else 548 error = process_write_fpregs(p, &r); 549 } 550 551 PRELE(p); 552 553 uio->uio_offset = 0; 554 return (error); 555 #else 556 return (EINVAL); 557 #endif 558 } 559 560 int 561 process_validfpregs(p) 562 struct proc *p; 563 { 564 565 #if defined(PT_SETFPREGS) || defined(PT_GETFPREGS) 566 return ((p->p_flag & P_SYSTEM) == 0); 567 #else 568 return (0); 569 #endif 570 } 571 572 int 573 process_domem(curp, p, uio) 574 struct proc *curp; /* tracer */ 575 struct proc *p; /* traced */ 576 struct uio *uio; 577 { 578 int error; 579 580 size_t len; 581 #ifdef PMAP_NEED_PROCWR 582 vaddr_t addr; 583 #endif 584 585 len = uio->uio_resid; 586 587 if (len == 0) 588 return (0); 589 590 #ifdef PMAP_NEED_PROCWR 591 addr = uio->uio_offset; 592 #endif 593 594 if ((error = process_checkioperm(curp, p)) != 0) 595 return (error); 596 597 /* XXXCDC: how should locking work here? */ 598 if ((p->p_flag & P_WEXIT) || (p->p_vmspace->vm_refcnt < 1)) 599 return(EFAULT); 600 p->p_vmspace->vm_refcnt++; /* XXX */ 601 error = uvm_io(&p->p_vmspace->vm_map, uio); 602 uvmspace_free(p->p_vmspace); 603 604 #ifdef PMAP_NEED_PROCWR 605 if (uio->uio_rw == UIO_WRITE) 606 pmap_procwr(p, addr, len); 607 #endif 608 return (error); 609 } 610 611 /* 612 * Ensure that a process has permission to perform I/O on another. 613 * Arguments: 614 * p The process wishing to do the I/O (the tracer). 615 * t The process who's memory/registers will be read/written. 616 */ 617 int 618 process_checkioperm(p, t) 619 struct proc *p, *t; 620 { 621 int error; 622 623 /* 624 * You cannot attach to a processes mem/regs if: 625 * 626 * (1) It is currently exec'ing 627 */ 628 if (ISSET(t->p_flag, P_INEXEC)) 629 return (EAGAIN); 630 631 /* 632 * (2) it's not owned by you, or is set-id on exec 633 * (unless you're root), or... 634 */ 635 if ((t->p_cred->p_ruid != p->p_cred->p_ruid || 636 ISSET(t->p_flag, P_SUGID)) && 637 (error = suser(p->p_ucred, &p->p_acflag)) != 0) 638 return (error); 639 640 /* 641 * (3) ...it's init, which controls the security level 642 * of the entire system, and the system was not 643 * compiled with permanetly insecure mode turned on. 644 */ 645 if (t == initproc && securelevel > -1) 646 return (EPERM); 647 648 /* 649 * (4) the tracer is chrooted, and its root directory is 650 * not at or above the root directory of the tracee 651 */ 652 if (!proc_isunder(t, p)) 653 return (EPERM); 654 655 return (0); 656 } 657